Prevent Hacks on Cisco 2511 Router

  1. #1
    Junior Member
    Join Date
    Mar 2002
    Posts
    1

    Question Prevent Hacks on Cisco 2511 Router

    Hi,
    I have a problem concerning my router. I have heard from a friend
    that someone has been able to hack into my Cisco 2511 router with
    IOS 12.1, and I am not able to do anything right to prevent it. I have tried
    putting in an access list so that only specific IPs could telnet to my router
    remotely, yet I am still puzzled as to how they are able to get into
    my system remotely. I think my access list works, because when I
    telnet to my router using IPs not included in my access list, I get
    a connection error. How do they connect to it? They have cracked the
    passwords there, which they said were shadow passwords, using special
    software. What are shadow passwords in Cisco? Is this the 'enable'
    password? How can I prevent this?

    Here is a portion of my access list:

    access-list 150 permit tcp host x.x.x.x any log
    access-list 150 permit tcp host x.x.x.x any log
    access-list 150 permit tcp host x.x.x.x any log
    access-list 150 permit tcp host x.x.x.x any log
    access-list 150 permit tcp host x.x.x.x any log
    access-list 150 permit tcp host x.x.x.x any log
    access-list 150 deny icmp any any

    x.x.x.x being the IP addresses of my LANs.

    Hoping someone could help me on this.
    Thank you very much.

    Raul B.

  2. #2
    Banned
    Join Date
    Mar 2002
    Posts
    13
    sorrie me have no idea yeeeeeehaaaaaaaa!!!

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    This is nothing to worry about...your access-list looks just fine. I believe what you are referring to is cracking the cipher for the type 7 password hashes. This can be done very easily in just a matter of seconds. But not to worry too much, the type 5 hashes (enable password) use a much stronger cipher which is pretty difficult to crack. That would be assuming they could get the pw hash in the first place.

    Also, nobody can telnet to your router, so don't worry about that. The only thing you have to worry about is vulnerabilities that exist within the IOS code itself; just keep up to date with the advisories on cert.org to make sure they don't affect you. Like the recent SNMP vulnerability.

    Oh...and BTW even though Cisco uses an implicit deny at the end of access-lists, you might want to add it in there at the end just for clarification purposes:

    access-list 150 deny ip any any log

    Just makes it easier
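
As an added example (not written by any poster in this thread), a small Python audit of a saved running-config for the points raised above: type 7 strings, cleartext passwords, a missing `enable secret`, and vty blocks with no `access-class`. The sample config, its placeholder strings and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample config for illustration; not taken from the thread.
# Secret strings are placeholders, not real encodings.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 TYPE5-PLACEHOLDER
enable password 7 TYPE7-PLACEHOLDER
username admin password 7 TYPE7-PLACEHOLDER
access-list 150 permit tcp host 192.0.2.10 any log
access-list 150 deny ip any any log
line con 0
 password cleartext-placeholder
line vty 0 4
 access-class 150 in
 password 7 TYPE7-PLACEHOLDER
 login
line vty 5 15
 password 7 TYPE7-PLACEHOLDER
 login
"""

CRED = re.compile(r"\b(password|secret)\s+(?:(\d+)\s+)?(\S+)")

def audit(config):
    """Return sorted (line_number, finding) pairs for weak credential storage and open vty blocks."""
    findings = []
    lines = config.splitlines()
    if not any(l.startswith("enable secret") for l in lines):
        findings.append((0, "no 'enable secret' configured"))
    vty_start, vty_acl = None, False
    # The trailing "end" sentinel closes a vty block that runs to the end of the file.
    for no, raw in enumerate(lines + ["end"], 1):
        if not raw.startswith(" "):  # any top-level line closes the open block
            if vty_start and not vty_acl:
                findings.append((vty_start, "vty block without 'access-class ... in'"))
            vty_start, vty_acl = (no if raw.startswith("line vty") else None), False
        elif vty_start and re.match(r"\s*access-class \S+ in\b", raw):
            vty_acl = True
        m = CRED.search(raw)
        if m and m.group(2) == "7":
            findings.append((no, "type 7 string: reversible, treat as cleartext"))
        elif m and m.group(2) in (None, "0"):
            findings.append((no, "cleartext " + m.group(1)))
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit(SAMPLE_CONFIG):
        print(f"line {no}: {finding}")
```

A finding on line 0 means the condition applies to the whole file rather than to one line.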
